Privacy Policy for SubAudit

Effective Date: 9 January 2026

1. Who We Are

SubAudit is a subscription management platform that helps users track, manage, and optimize their recurring subscriptions. Our service is available at https://subaudit.app.

For privacy inquiries, you can contact us at:

• Email: support@subaudit.app or subaudit.app@gmail.com
• General: hello@subaudit.app

2. Information We Collect

We collect information necessary to provide our subscription tracking service:

2.1 Account Information

• Registration data: Name, email address, country, and preferred currency provided during sign-up.
• Authentication data: If you sign in with Google or Apple, we receive your name and email from those providers. We store OAuth tokens to maintain your session.
• Password: For email/password login, passwords are stored as secure hashes (never in plain text).

2.2 Subscription Data

• Manually added subscriptions: Service names, prices, billing cycles, renewal dates, and categories you enter.
• Email-scanned subscriptions: Subscription details detected from your email (with your consent), including service names, prices, currencies, and renewal information.

2.3 Gmail/Email Scanning Data

When you connect your Gmail account, we use Gmail API access to scan for subscription-related emails (receipts, confirmations, renewal notices). We:

• Request read-only access to your messages using OAuth 2.0
• Search for subscription-related keywords and patterns
• Extract only the relevant subscription details (service name, price, date)
• Do NOT store full email content – we process emails transiently and store only extracted subscription metadata
• Store OAuth refresh tokens securely to maintain your connection (you can revoke access anytime)

2.4 Usage and Technical Data

• Product interactions: Features used, scan triggers, settings changes – to improve reliability
• Error logs: Diagnostic information when errors occur – for troubleshooting
• Session data: Temporary session identifiers for authentication

2.5 Mobile App Data (iOS/Android)

When you use our mobile apps:

• Push notification tokens: Device identifiers for sending renewal reminders. Deleted when you disable notifications or uninstall the app.
• Device identifiers: Anonymous IDs for analytics. Not used for advertising or cross-app tracking.
• Biometric data: Face ID, Touch ID, or fingerprint authentication is processed entirely on your device. We never receive, store, or transmit your biometric data.
• Camera/photos: Receipt photos are processed locally. Images are not uploaded unless you explicitly share them.
• Offline cache: Subscription data cached locally for offline access. Encrypted and deleted on logout or uninstall.

3. How We Use Your Information

• Provide the service: Detect subscriptions, display your dashboard, send renewal reminders, show insights
• Improve accuracy: Enhance email parsing and subscription detection algorithms
• Community insights: Generate anonymized, aggregated statistics (e.g., average prices) without identifying individuals
• Communications: Send transactional emails (welcome, password reset) from addresses like hello@subaudit.app
• Security: Detect and prevent abuse, unauthorized access, and fraud

4. Gmail API and Google Data

SubAudit's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

• We request only the minimum scopes needed to find subscription receipts
• We do not sell or share your email content with third parties
• We do not use email data for advertising purposes
• Access to Google user data is limited to providing and improving subscription tracking features

5. Data Sharing and Third Parties

We share data only as necessary to operate the service:

• Vercel: Our hosting provider for web application deployment
• Database provider: PostgreSQL database hosting for persistent data storage
• Email provider: SMTP/SendGrid for transactional emails (welcome, password reset)
• Google APIs: For Gmail OAuth authentication and email scanning (with your explicit consent)
• Apple Sign-In: For Apple authentication (if you choose this login method)

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

6. Security Measures

We implement security measures to protect your data:

• Encryption in transit: All data transmitted via HTTPS/TLS
• OAuth 2.0: Secure token-based authentication for email access
• Password hashing: Secure one-way hashing for stored passwords
• Access controls: Limited access to user data by authorized processes only
• Session management: Secure cookies with appropriate expiration

While we take reasonable precautions, no system is 100% secure. We encourage you to use strong passwords and protect your account credentials.

7. Data Retention and Deletion

How long we keep data:

• Account and subscription data: Retained while your account is active
• OAuth tokens: Retained until you unlink the account or revoke access
• Usage logs: Retained for up to 90 days for troubleshooting

Account deletion:

• You can delete your account from the Account/Profile page in the app
• Deletion removes your subscriptions, alerts, linked email tokens, and personal data
• Alternatively, email support@subaudit.app to request deletion
• Data is permanently removed within 30 days of a deletion request

8. Your Rights and Choices

You have control over your data:

• Access: View your data in your dashboard anytime
• Export: Download your subscription data as CSV
• Correction: Edit your subscriptions and profile information
• Deletion: Delete your account and all associated data
• Unlink inboxes: Remove connected email accounts from the Account page to stop scanning
• Revoke Google access: Remove SubAudit's access from your Google Account permissions

To exercise these rights or ask questions, contact support@subaudit.app.

9. Children's Privacy

SubAudit is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@subaudit.app and we will delete it.

10. International Data Transfers

Our service is hosted on infrastructure that may process data in various locations. By using SubAudit, you consent to your data being processed in the countries where our service providers operate. We take reasonable steps to ensure your data is protected in accordance with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the app or email. Your continued use of SubAudit after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

• Privacy/Support: support@subaudit.app
• Fallback: subaudit.app@gmail.com
• General inquiries: hello@subaudit.app
• Legal/Admin: admin@subaudit.app

Website: https://subaudit.app

GitHub: github.com/saikiran8452/SubAudit